Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rBqVFORHnYiS_2kcN2G9nmIk1ys.roa
File: rBqVFORHnYiS_2kcN2G9nmIk1ys.roa (raw, json)
Hash identifier: U6AwJ/4wUy0WkKDIqnb+sGYm+vah5tJ1Mg+km2gyCeY=
Subject key identifier: AC:1A:95:14:E4:47:9D:88:92:FF:69:1C:37:61:BD:9E:62:24:D7:2B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 575E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rBqVFORHnYiS_2kcN2G9nmIk1ys.roa
Signing time: Wed 15 May 2024 01:54:16 +0000
ROA not before: Wed 15 May 2024 01:54:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22366 (0x575e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 01:54:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AC1A9514E4479D8892FF691C3761BD9E6224D72B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:d3:27:b3:35:42:a2:5c:1f:3b:2d:6b:50:8d:
de:0d:2c:8a:a6:6a:14:f7:a0:3a:ea:dc:d8:46:c7:
a9:fe:6c:ea:5b:68:31:07:59:2b:0c:ab:0f:74:b5:
2f:bf:ae:6a:21:d3:52:bc:88:a2:9f:3d:b0:2e:bb:
3a:16:32:63:60:3c:18:5d:3e:0a:a4:4e:42:43:4e:
7b:83:58:e5:99:97:1b:39:73:61:12:f7:cd:20:b5:
1a:32:80:02:35:f8:c3:48:d0:9f:4a:3c:35:fa:9f:
87:39:70:71:e7:bd:23:06:38:13:29:7c:a9:ac:2f:
08:b3:82:13:c0:e4:d1:ac:9d:e0:7e:41:dd:cc:89:
18:44:0e:cd:6c:3e:e7:fa:ec:88:09:c7:3a:35:e0:
09:6e:60:6a:47:b4:55:c7:de:e9:fd:ee:7f:30:48:
b0:fa:45:a1:3f:68:0f:5c:69:fb:f1:ba:26:fc:9d:
81:97:67:56:d1:76:47:16:58:fe:76:15:e8:a1:20:
7a:8c:ff:e0:87:cb:c0:11:0b:77:4d:d8:74:85:61:
c0:85:e6:8f:82:ce:70:56:9f:e1:e9:f3:ec:13:b5:
fe:6f:c2:13:10:ca:0b:d2:52:79:ed:19:27:3f:9f:
da:1c:b8:b1:86:f6:6c:0d:bb:1b:e0:86:70:dd:4e:
18:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:1A:95:14:E4:47:9D:88:92:FF:69:1C:37:61:BD:9E:62:24:D7:2B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rBqVFORHnYiS_2kcN2G9nmIk1ys.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:95:f5:ff:9a:83:53:20:db:b7:b5:62:f0:98:f4:da:70:a6:
d5:45:88:9f:7c:c2:20:a7:ea:b9:01:f9:de:7a:16:07:95:36:
16:3a:e1:41:e8:8b:e8:dd:16:f4:aa:73:e5:b7:2b:73:b3:46:
89:79:bd:a6:0a:97:81:40:6f:53:42:09:38:94:4a:76:60:ea:
12:26:87:10:e7:80:00:76:37:4b:fe:73:dc:83:9d:83:d2:23:
51:35:81:d9:c1:5a:77:2c:66:22:18:d7:38:9f:a0:fb:6d:4b:
ec:aa:0e:f2:74:ed:8c:59:fc:57:9d:34:f8:13:ad:ba:d8:e8:
52:e2:72:70:d7:d8:fb:28:cc:06:9a:69:bf:d0:06:5f:1f:9f:
d9:7c:78:be:86:20:ab:aa:1d:d6:18:fa:8c:d2:79:f7:77:da:
22:06:f8:4a:95:c8:44:e6:f1:a9:62:1a:bb:c6:c5:94:28:bf:
8b:32:dd:c5:7d:ae:b1:b8:c1:44:76:ba:a5:23:76:cb:a0:44:
95:66:25:2c:a9:9e:79:20:00:50:cc:d5:6c:f6:0c:c5:0e:5a:
b1:cd:63:12:48:7c:b9:13:cb:04:4d:a2:ec:4c:42:58:ef:2a:
98:af:3e:90:49:c8:34:3c:35:e5:e6:87:df:15:5d:90:97:15:
11:81:2c:18
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV14wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUw
MTU0MTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFDMUE5NTE0RTQ0NzlE
ODg5MkZGNjkxQzM3NjFCRDlFNjIyNEQ3MkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDa0yezNUKiXB87LWtQjd4NLIqmahT3oDrq3NhGx6n+bOpbaDEH
WSsMqw90tS+/rmoh01K8iKKfPbAuuzoWMmNgPBhdPgqkTkJDTnuDWOWZlxs5c2ES
980gtRoygAI1+MNI0J9KPDX6n4c5cHHnvSMGOBMpfKmsLwizghPA5NGsneB+Qd3M
iRhEDs1sPuf67IgJxzo14AluYGpHtFXH3un97n8wSLD6RaE/aA9cafvxuib8nYGX
Z1bRdkcWWP52FeihIHqM/+CHy8ARC3dN2HSFYcCF5o+CznBWn+Hp8+wTtf5vwhMQ
ygvSUnntGSc/n9ocuLGG9mwNuxvghnDdThgxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUrBqVFORHnYiS/2kcN2G9nmIk1yswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JCcVZGT1JIbllpU18y
a2NOMkc5bm1JazF5cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAWJX1/5qDUyDbt7Vi8Jj02nCm1UWIn3zC
IKfquQH53noWB5U2FjrhQeiL6N0W9Kpz5bcrc7NGiXm9pgqXgUBvU0IJOJRKdmDq
EiaHEOeAAHY3S/5z3IOdg9IjUTWB2cFadyxmIhjXOJ+g+21L7KoO8nTtjFn8V500
+BOtutjoUuJycNfY+yjMBpppv9AGXx+f2Xx4voYgq6od1hj6jNJ593faIgb4SpXI
RObxqWIau8bFlCi/izLdxX2usbjBRHa6pSN2y6BElWYlLKmeeSAAUMzVbPYMxQ5a
sc1jEkh8uRPLBE2i7ExCWO8qmK8+kEnINDw15eaH3xVdkJcVEYEsGA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:43:49 2025 by rpki-client